Why has Avast zero-day protection fallen so much over the last few weeks?

Discussion in 'other anti-virus software' started by nine9s, May 17, 2013.

Thread Status:
Not open for further replies.
  1. nine9s

    nine9s Registered Member

    Joined:
    Feb 8, 2013
    Posts:
    265
    Location:
    USA
    ShadowServer has Avast zero-day protection falling over last few weeks but version 3 of Avast?

    Avast used to consistently be in top 3 (over a year period it is still #1), with a zero-day prevention rate of about 80-95% every day on this site that does a running daily test of zero-day protection of pretty much all the antivirus programs:

    http://www.shadowserver.org/wiki/pmwiki.php/AV/VirusDailyStats

    But over the last few weeks it has fallen to the 30-50% range in protection.

    You can see weekly, monthly, 90, 180 days, 1 year results and see the slide.

    Anyone know what was changed in Avast over the last few weeks?
     
    Last edited: May 18, 2013
  2. THESAWISFAMILY2005

    THESAWISFAMILY2005 Registered Member

    Joined:
    Aug 10, 2012
    Posts:
    198
    Location:
    SACRAMENTO CALIFORNIA
    this is why I don't use the program it makes my computer sluggish

    go avira free lol
     
  3. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Just another test. :rolleyes:
     
  4. nine9s

    nine9s Registered Member

    Joined:
    Feb 8, 2013
    Posts:
    265
    Location:
    USA
    That test is a daily test, and Avast trended from the best consistently for a year to below average over the last few weeks. I assume something must have changed.

    Any other daily or weekly recent tests that include Avast?
     
    Last edited: May 18, 2013
  5. pederoco

    pederoco Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    9
    Location:
    Badhoevedorp, The Netherlands
  6. nine9s

    nine9s Registered Member

    Joined:
    Feb 8, 2013
    Posts:
    265
    Location:
    USA

    Thanks but those are old, relative to daily tests. And the test in question had high zero day results for Avast when that AV-Comparatives was tested. The last few weeks is what concerns me and I wonder what has happened during that period. For the last few years (you can get multi year data on that site), Avast has been near the top for zero daily prevention, but over the last few weeks it has taken a nose dive to below average.

    Does anyone know what happened?
     
  7. sbcc

    sbcc Guest

    Yes, I noticed the same thing.

    It is important to specify that this is a test of zero-day detection, against the ever-changing landscape of previously unidentified viruses. Avast has slipped in ShadowServer's results for a bit, but I don't believe it is significant as of yet - it's been a short time period.

    Longer term trends are more important in my opinion, and Avast has generally had the highest detection rate historically. If the trend continues there may be cause for alarm.

    An additional observation - I am seeing more false positives lately. Not sure if this is related in any way, but not a good development.

    Personally, I'm going to give Avast a little bit longer before I decide if this is a trend or just a temporary setback.

    Is there any indication that ShadowServer changed their testing regime or the way they set up Avast? That could change results quickly and dramatically.
     
  8. nine9s

    nine9s Registered Member

    Joined:
    Feb 8, 2013
    Posts:
    265
    Location:
    USA

    I find nothing noted. Something interesting is that Kaspersky was generally in the 20-50% range, day after day for as long as I have looked at that site which has been about 3 months. As Avast has gone down Kaspersky has gone up. They basically swapped spots over the last few weeks while other vendors seem to have stayed about the same.
     
    Last edited: May 18, 2013
  9. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    IMHO, I would take Shadowserver's results with a pinch of salt; the use of honeypots results in many corrupted samples and they do not necessarily catch samples which normal users may be infected by.

    Also tests are carried out using Linux versions of some of the AVs, whereby results can vary compared to Windows versions due to ability to unpack etc.

    Moreover, at one time F-Prot, which has never been the best for detection was a leading light in the averages!!

    IME, large variations in protective rates are common on this site and most AVs have shown big swings in detection. So overall, I would not judge ANY AV's detection rate, never mind Avast's, solely on results from Shadowserver.
     
  10. guest

    guest Guest

    There are 2 versions, Windows and Linux
     

  11. merisi

    merisi Registered Member

    Joined:
    Dec 17, 2012
    Posts:
    316
    I've not noticed anything really bad with avast apart from the arrival of an advert or two. I know one person recently said they got a BSOD from avast. It still works nicely on my system and I'd certainly be looking to hang on to it for now.
     
  12. true indian

    true indian Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    752
    Location:
    india
    Guys, this is just another test and unfortunately avast has a bad day this time... mind you they use v4 engine that is the oldest one and not using the in house real time full protection of v8 with evo-gen, filerepmalware, sandbox etc that may make big difference.. just wait it must come back up on the stats on some time.

    see: http://www.shadowserver.org/wiki/pmwiki.php/AV/Viruses

    Regardless, I am hoping to see avast come back on top here. ;)
     
    Last edited: May 18, 2013
  13. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    If they are still using old v4 engine, then it doesn't matter at all how it scores because those sort of results are irrelevant on so many levels...

    The scan engine is far more advanced now and new technologies that only work on-access are what makes avast! great at combating new malware.
     
  14. nine9s

    nine9s Registered Member

    Joined:
    Feb 8, 2013
    Posts:
    265
    Location:
    USA
    Thanks for posting. I did not see this before.

    My concern was how Shadowserver conducts its tests might indicate a problem with Avast's sandbox and/or behavior blocking shield but if Shadowserver is not using either then that is moot.

    What I was thinking before your post: Shadowserver tests to see if payload of zero day attacks hit, so until you posted the above, I figure Avast's sandbox and behavior blocking shield played a big part in that in Shadowserver's tests and I got concerned that the recent Avast program updates, which corresponded to the fall in Shadowserver's test result for Avast, might have been weakened, but if Shadowserver is not using either (Per that web page it is using Avast command line of version 3, right?) then that is not a concern.

    Opinion?
     
  15. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,871
    Depends what you are running alongside avast.
    I ran avast alongside comodo firewall which has a hips built in so the effectiveness of the avast zero day function was totally irrelevant.:cool:
     
  16. FOXP2

    FOXP2 Guest

    Where do you see that, please?

    Would Shadowserver be too lazy or stupid and run a version that's almost a decade old? If so, might as well dismiss everything else they do.

    But, as of this posting, they're using the latest defs (130518-0) and the command line parameters indicate all files scan, full file scan and 100% heuristics sensitivity.

    Notwithstanding the fine protection afforded by all the Shields and Cloud tech in a default v8 install, I still wouldn't mind seeing performance something better than ~50% within that defs/heuristics construct. IMHO, etc.
     
  17. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    They're using the command-line scanner. Not really sure which engine. Doesn't really say.
    Avast command-line scanner Sigs: 130518-0
     
  18. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    What are the probabilities of an average user getting infected by a zero day exploit?

    Jerry
     
  19. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,785
    Location:
    US
    That is a good question. Is there any actual statistical data to answer this?
     
  20. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    I think that depends a lot on the user....
     
  21. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas
  22. true indian

    true indian Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    752
    Location:
    india
  23. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,871
  24. vlk

    vlk AV Expert

    Joined:
    Dec 26, 2002
    Posts:
    618
    Let me just say that the whole thing is ridiculous.
    I won't comment on the reasons why there was the drop (and it's not there anymore) but let me just say that this is the least indicative "test" I have seen in a long while... It's anything except "zero-day" and "real-time"...

    Vlk
     
  25. nine9s

    nine9s Registered Member

    Joined:
    Feb 8, 2013
    Posts:
    265
    Location:
    USA
    I had been looking at it a few times a week for last several months and was encouraged by Avast usually always being in the top 3 or so.

    I thought the test seemed very thorough, as they do not simply go by detection rates but see if an exploit plants the real malware (so seems it tested various layers of an antivirus program.)

    On version it uses: "The versions of AV engines that we have are as new as the vendor can provide us and updated at least hourly if not more frequently. But they are gateway or fileserver products for the most part. We do have plans for using full consumer AV applications as well, but that will take time and much more in donations to allow us to build the back end for that. We will get to it, just not today."


    What are the flaws in the test?

    Also, if you know why, please let us know why Avast, which was usually top of the charts at that test site every day, went down the last week or so.
     
    Last edited: May 19, 2013